17 C
August 8, 2022
Finance Technologies

UK’s Metro Bank hit by cyberattack

UK-based Metro Bank is the latest organisation to suffer a cyberattack as the financial world can’t escape the attention of criminals.

No fun from Signaling System No 7

No fun from Signaling System No 7

According to Motherboard, Metro Bank confirmed to the publication it had faced an SS7 attack.

Hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world.

Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself.

With cybercrime gangs very prevalent, and getting predatory around banks, it seems they are using this technique to try and empty bank accounts.

Credit has to go to Motherboard for this discovery and research. At the time of writing, Metro Bank has issued no statement on its website or on its Twitter accounts.

The National Cyber Security Centre (NCSC) also confirmed this latest issue.

“We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA),” the NCSC tells Motherboard in a statement.

The bank adds: “Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result.”

If you want more info on how SS7 works, Motherboard explains that in the case of stealing money from bank accounts, a hacker would typically first need a target’s online banking username and password.

Perhaps they could obtain this by phishing the target. Then, once logged in, the bank may ask for confirmation of the transfer by sending the account owner a verification code in a text message.

With SS7, the hackers can intercept this text and enter it themselves. Exploiting SS7 in this way is a way to circumvent the protections of two-factor authentication, where a system not only requires a password, but something else too, such as an extra code.

The Metro Bank incident seems to be the first publicly reported case of a UK bank falling victim to an SS7 attack.

It’s not been a good time for the bank recently.

Last month, it had the misfortune to see a third of its share price wiped out as its profit fell short of expectations.

The fall was due to a massive blunder in how it classifies its loan book. This mistake wiped £600 million off its value.

Initially it said it found the accounting error, but then admitted it was the Prudential Regulatory Authority who had made the discovery.

UK’s Metro Bank hit by cyberattack
UK’s Metro Bank hit by cyberattack

Related posts

EBA underlines need for trust as industry adopts big data and analytics

Amme Jhonson

Iwoca calls on banks and UK government to extend CBILS

Amme Jhonson

Irish banks plan payments rival to take on fintech entrants

Amme Jhonson

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Privacy & Policy